From 5a6727811acc13d8ca6379161758c7d1a37bdc05 Mon Sep 17 00:00:00 2001
From: OZGCloud <ozgcloud@mgm-tp.com>
Date: Mon, 6 May 2024 12:38:21 +0200
Subject: [PATCH] ozg-3938 use projected volume
---
src/main/helm/templates/deployment.yaml | 22 +++++++-------
src/test/helm/deployment_grpc_tls_test.yaml | 29 +++++++++----------
.../src/main/resources/application.yml | 4 +--
3 files changed, 27 insertions(+), 28 deletions(-)
diff --git a/src/main/helm/templates/deployment.yaml b/src/main/helm/templates/deployment.yaml
index aadf0568c..ece9546f8 100644
--- a/src/main/helm/templates/deployment.yaml
+++ b/src/main/helm/templates/deployment.yaml
@@ -312,16 +312,10 @@ spec:
readOnly: true
{{- end }}
- name: namespace-ca-cert
- mountPath: "/bindings/ca-certificates/namespace-root-ca.pem"
- subPath: tls.crt
+ mountPath: "/bindings/namespace-certificate"
readOnly: true
- name: vorgang-manager-grpc-tls-cert
- mountPath: "/grpc-tls/cert.pem"
- subPath: tls.crt
- readOnly: true
- - name: vorgang-manager-grpc-tls-cert
- mountPath: "/grpc-tls/key.pem"
- subPath: tls.key
+ mountPath: "/grpc-tls"
readOnly: true
volumes:
- name: bindings
@@ -343,8 +337,16 @@ spec:
secretName: vorgang-manager-grpc-tls-cert
optional: true
- name: namespace-ca-cert
- secret:
- secretName: {{ include "app.namespace" . }}-ca-cert
+ projected:
+ sources:
+ - secret:
+ name: {{ include "app.namespace" . }}-ca-cert
+ optional: true
+ items:
+ - key: ca.crt
+ path: ca.crt
+ - configMap:
+ name: bindings-type
dnsConfig: {}
dnsPolicy: ClusterFirst
imagePullSecrets:
diff --git a/src/test/helm/deployment_grpc_tls_test.yaml b/src/test/helm/deployment_grpc_tls_test.yaml
index 2004d551f..91494cfe6 100644
--- a/src/test/helm/deployment_grpc_tls_test.yaml
+++ b/src/test/helm/deployment_grpc_tls_test.yaml
@@ -31,6 +31,7 @@ templates:
set:
ozgcloud:
environment: test
+ imagePullSecret: test-image-pull-secret
tests:
- it: should have volume for grpc-tls-cert
template: deployment.yaml
@@ -49,18 +50,7 @@ tests:
path: spec.template.spec.containers[0].volumeMounts
content:
name: vorgang-manager-grpc-tls-cert
- mountPath: "/grpc-tls/cert.pem"
- subPath: tls.crt
- readOnly: true
- - it: should have volume mount for grpc-tls-cert key
- template: deployment.yaml
- asserts:
- - contains:
- path: spec.template.spec.containers[0].volumeMounts
- content:
- name: vorgang-manager-grpc-tls-cert
- mountPath: "/grpc-tls/key.pem"
- subPath: tls.key
+ mountPath: /grpc-tls
readOnly: true
- it: should have volume for namespace ca-cert
template: deployment.yaml
@@ -69,8 +59,16 @@ tests:
path: spec.template.spec.volumes
content:
name: namespace-ca-cert
- secret:
- secretName: sh-helm-test-ca-cert
+ projected:
+ sources:
+ - secret:
+ items:
+ - key: ca.crt
+ path: ca.crt
+ name: sh-helm-test-ca-cert
+ optional: true
+ - configMap:
+ name: bindings-type
- it: should have volume mount for namespace ca-cert
template: deployment.yaml
asserts:
@@ -78,8 +76,7 @@ tests:
path: spec.template.spec.containers[0].volumeMounts
content:
name: namespace-ca-cert
- mountPath: "/bindings/ca-certificates/namespace-root-ca.pem"
- subPath: tls.crt
+ mountPath: "/bindings/namespace-certificate"
readOnly: true
- it: should not contain grpc_server_security_enabled env
asserts:
diff --git a/vorgang-manager-server/src/main/resources/application.yml b/vorgang-manager-server/src/main/resources/application.yml
index 69103ce59..ca964777a 100644
--- a/vorgang-manager-server/src/main/resources/application.yml
+++ b/vorgang-manager-server/src/main/resources/application.yml
@@ -40,8 +40,8 @@ grpc:
server:
security:
enabled: true
- certificate-chain: file:/grpc-tls/cert.pem
- private-key: file:/grpc-tls/key.pem
+ certificate-chain: file:/grpc-tls/tls.crt
+ private-key: file:/grpc-tls/tls.key
management:
server:
--
GitLab